FortiAnalyzer not connected-fortinet-FortiOS
Vendor: fortinet
OS: FortiOS
Description:
A Fortinet firewall that sends its logs to a FortiAnalyzer needs to keep that connection up. If the connection drops, logs are no longer delivered to the FortiAnalyzer in real time and may be lost, and centralized reporting on the FortiAnalyzer stops. Indeni will alert if the connection is down.
Remediation Steps:
|1. Log in via SSH to the Fortinet firewall and run the FortiOS command "get system fortianalyzer-connectivity status" to review the connection status and the remote disk usage on the FortiAnalyzer unit.
|2. Ensure that logging to FortiAnalyzer is enabled and points at the correct FortiAnalyzer address in the Log Settings of the Fortinet firewall (Log & Report > Log Settings in the GUI, or "show log fortianalyzer setting" on the CLI). Also confirm on the FortiAnalyzer side that the firewall has been added and authorized as a registered device; an unauthorized device does not show as connected.
|3. Check the routing and test ping connectivity between the Fortinet firewall and the FortiAnalyzer (if ICMP is allowed).
|4. Check that TCP port 514 (the channel the firewall uses to send logs to the FortiAnalyzer) is allowed between the Fortinet firewall and the FortiAnalyzer on any device in the path. For more information check this link: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ports-and-protocols-54/FortiAnalyzer.htm#
|5. Check that DNS lookup on the Fortinet firewall is operational if the FortiAnalyzer is configured by FQDN rather than IP address. Try to ping the FQDN of the FortiAnalyzer from the firewall.
|6. Check that the firmware versions of the firewall and the FortiAnalyzer unit are compatible. Review the compatibility information in the firmware release notes.
|7. If the problem persists, contact Fortinet Technical Support at https://support.fortinet.com/ for further assistance.
How does this work?
This script logs in to the FortiGate via SSH, runs the FortiOS command "get system fortianalyzer-connectivity status" and parses its output. The command reports the connectivity status with the FortiAnalyzer and the disk usage on the FortiAnalyzer, which the script turns into the connection-state and disk-usage metrics described below.
Why is this important?
This metric is used to identify the connectivity status of the FortiGate device with the FortiAnalyzer. A FortiAnalyzer unit can log all FortiGate activity that is available for logging, including archiving. Check the link below for more information: https://docs.fortinet.com/uploaded/files/3421/logging-reporting-54.pdf
Without Indeni how would you find this?
An admin would need to log in to the Fortinet firewall and run the command manually to check the current connection status. The connection status can also be obtained via SNMP and from the firewall's own event logs; the disk-usage figure is only available from the CLI or via logging.
fortios-fortianalyzer-connectivity-status
name: fortios-fortianalyzer-connectivity-status
description: Fortinet Firewall and FortiAnalyzer status information
type: monitoring
monitoring_interval: 15 minutes
requires:
  vendor: fortinet
  os.name: FortiOS
  product: firewall
comments:
  fortios-analyzer-is-connected:
    why: |
      This metric is used to identify the connectivity status of the FortiGate device with the FortiAnalyzer. A
      FortiAnalyzer unit can log all FortiGate activity that is available for logging, including archiving. Check the
      link below for more information:
      https://docs.fortinet.com/uploaded/files/3421/logging-reporting-54.pdf
    how: |
      This script logs in to the FortiGate via SSH and retrieves the connectivity status with the FortiAnalyzer by
      using the FortiOS command "get system fortianalyzer-connectivity status". This command provides information
      about the connectivity status and disk usage of the FortiAnalyzer.
    can-with-snmp: true
    can-with-syslog: true
  fortios-analyzer-disk-usage:
    why: |
      This metric is used to identify the remote disk usage (%) on the FortiAnalyzer. A FortiAnalyzer
      unit can log all FortiGate activity that is available for logging, including archiving. Check the link below
      for more information:
      https://docs.fortinet.com/uploaded/files/3421/logging-reporting-54.pdf
    how: |
      This script logs in to the FortiGate via SSH and retrieves the disk usage of the FortiAnalyzer by
      using the FortiOS command "get system fortianalyzer-connectivity status". This command provides information
      about the connectivity status and disk usage of the FortiAnalyzer.
    can-with-snmp: false
    can-with-syslog: true
steps:
  - run:
      type: SSH
      command: get system fortianalyzer-connectivity status
    parse:
      type: AWK
      file: get_system_fortianalyzer_connectivity.parser.1.awk
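As an added example (not code from this page, from Indeni's AWK parser, or from Fortinet) of what the parser step above and the "How does this work?" section describe: the Python below reads the text returned by "get system fortianalyzer-connectivity status", derives the two metrics declared above (fortios-analyzer-is-connected and fortios-analyzer-disk-usage) and evaluates them against alert conditions. The sample outputs are constructed from the page's description of the command (a status line plus a disk-usage percentage); the exact field names and wording on a real unit may differ, which is why key matching is case-insensitive and any missing or non-"connected" status is treated as down rather than ignored. The 90% disk-usage threshold is an assumption chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample outputs (assumption: field names follow the page's
# description of the command; a real unit may print them differently).
SAMPLE_CONNECTED = """\
Status: connected
Disk Usage: 12%
"""

SAMPLE_DISCONNECTED = """\
Status: not connected
"""

SAMPLE_DISK_FULL = """\
Status: connected
Disk Usage: 95%
"""

# Assumed alert threshold for remote disk usage on the FortiAnalyzer.
DISK_USAGE_ALERT_PCT = 90.0

# Matches "Key words: value" lines; CLI prompts and blank lines do not match.
_KV_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$")
_PCT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*%")


@dataclass
class FazStatus:
    is_connected: bool
    disk_usage_pct: Optional[float]  # None when the unit reports no figure


def parse_faz_connectivity(output: str) -> FazStatus:
    """Parse the CLI output into a connection flag and a disk-usage percentage.

    A missing or non-"connected" status is reported as not connected: for a
    health check, an unknown state must fail closed rather than pass silently.
    """
    fields: Dict[str, str] = {}
    for line in output.splitlines():
        m = _KV_RE.match(line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2)

    is_connected = fields.get("status", "").strip().lower() == "connected"

    disk_usage = None
    raw = fields.get("disk usage")
    if raw is not None:
        pm = _PCT_RE.search(raw)
        if pm:
            disk_usage = float(pm.group(1))
    return FazStatus(is_connected, disk_usage)


def to_metrics(status: FazStatus) -> Dict[str, float]:
    """Emit the two metric names the script above declares."""
    metrics = {"fortios-analyzer-is-connected": 1.0 if status.is_connected else 0.0}
    if status.disk_usage_pct is not None:
        metrics["fortios-analyzer-disk-usage"] = status.disk_usage_pct
    return metrics


def alerts(metrics: Dict[str, float], disk_threshold: float = DISK_USAGE_ALERT_PCT) -> List[str]:
    """Turn the metrics into alert messages; an empty list means healthy."""
    out: List[str] = []
    if metrics.get("fortios-analyzer-is-connected") != 1.0:
        out.append("FortiAnalyzer not connected")
    usage = metrics.get("fortios-analyzer-disk-usage")
    if usage is not None and usage >= disk_threshold:
        out.append(f"FortiAnalyzer disk usage {usage:.0f}% >= {disk_threshold:.0f}%")
    return out


if __name__ == "__main__":
    for name, sample in (("connected", SAMPLE_CONNECTED),
                         ("disconnected", SAMPLE_DISCONNECTED),
                         ("disk full", SAMPLE_DISK_FULL)):
        status = parse_faz_connectivity(sample)
        print(name, to_metrics(status), alerts(to_metrics(status)))
```

In a real deployment the output string would come from the SSH session the script opens to the FortiGate; the parsing and alert logic is unchanged. Treating an absent "Status" line as down means a firmware change that alters the output format surfaces as an alert that an operator can investigate, instead of a check that quietly stops working.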
FortinetFortiAnalyzerConnection